


  1. Thanks for the explanation, now I understand what it is for.

  2. See if these rules can help you....

    /ip firewall filter
    # Rule order matters: RouterOS walks each chain top to bottom and the first
    # matching terminal action (accept/drop) decides.  The p2p= matcher used
    # below exists in RouterOS v6 only; it was removed in v7.
    add action=passthrough chain=pre-hs-input comment="place hotspot rules here" \
    disabled=no
    # Drop anything sourced from TCP 3128 (a proxy answering from outside the
    # LAN) in all three chains.  If your own proxy listens on 3128, scope these
    # with in-interface/out-interface to the WAN link instead of src-port alone.
    add action=drop chain=output comment="Drop external proxy" disabled=no \
    protocol=tcp src-address=!192.168.0.0/16 src-port=3128
    # The posted copy of this rule carried icmp-options=8:0 and limit=1,5,
    # leftovers from an ICMP rule that make no sense on TCP (and a limit= on a
    # drop rule drops only one packet per second); both removed.
    add action=drop chain=input comment="Drop external proxy" disabled=no \
    protocol=tcp src-address=!192.168.0.0/16 src-port=3128
    add action=drop chain=forward comment="Drop external proxy" disabled=no \
    protocol=tcp src-address=!192.168.0.0/16 src-port=3128
    add action=drop chain=forward comment="Invalid connections" \
    connection-state=invalid disabled=no
    # Windows RPC/NetBIOS (135-140) between clients on the 'Cliente' interface.
    add action=drop chain=forward comment="" disabled=no dst-address=\
    192.168.0.0/16 in-interface=Cliente out-interface=Cliente protocol=udp \
    src-address=192.168.0.0/16 src-port=135-140
    add action=drop chain=input comment="" disabled=no dst-address=192.168.0.0/16 \
    dst-port=135-140 in-interface=Cliente protocol=udp src-address=\
    192.168.0.0/16
    add action=drop chain=output comment="" disabled=no dst-address=\
    192.168.0.0/16 out-interface=Cliente protocol=tcp src-address=\
    192.168.0.0/16 src-port=135-140
    add action=drop chain=output comment="" disabled=no dst-address=\
    192.168.0.0/16 dst-port=135-140 out-interface=Cliente protocol=tcp \
    src-address=192.168.0.0/16
    add action=drop chain=output comment="" disabled=no dst-address=\
    192.168.0.0/16 dst-port=135-140 out-interface=Cliente protocol=udp \
    src-address=192.168.0.0/16
    # P2P handling.  connection-mark=P2P-Conexao is set by mangle rules that
    # are not part of this post; without them the marked rules never match.
    add action=jump chain=forward comment="Ares" disabled=no jump-target=Ares \
    p2p=warez protocol=tcp
    add action=jump chain=forward comment="Jump to the virus chain" \
    disabled=no jump-target=virus protocol=tcp
    add action=drop chain=forward comment="Drop P2P connections by schedule" \
    connection-mark=P2P-Conexao disabled=no p2p=all-p2p protocol=tcp time=\
    7h-23h59m,sun,mon,tue,wed,thu,fri,sat
    add action=drop chain=Ares comment="Block Ares by schedule" \
    connection-mark=P2P-Conexao disabled=no p2p=warez protocol=tcp time=\
    7h-23h59m,sun,mon,tue,wed,thu,fri,sat
    add action=drop chain=forward comment="" connection-mark=P2P-Conexao \
    disabled=no dst-port=0 protocol=udp
    add action=drop chain=forward comment="" connection-mark=P2P-Conexao \
    disabled=no p2p=blubster
    add action=drop chain=forward comment="" connection-mark=P2P-Conexao \
    disabled=no p2p=direct-connect
    # The post listed this fasttrack rule twice; one copy is enough.
    add action=drop chain=forward comment="" disabled=no p2p=fasttrack
    # The post had limit=1,3 on the next three drops, which would drop only one
    # packet per second and let the rest through; removed so that
    # connection-limit=10,32 (connections per source /32) alone decides.
    add action=drop chain=forward comment="" connection-limit=10,32 \
    connection-mark=P2P-Conexao disabled=no p2p=gnutella protocol=tcp
    add action=drop chain=forward comment="" connection-limit=10,32 \
    connection-mark=P2P-Conexao connection-state=new disabled=no \
    p2p=edonkey protocol=tcp
    add action=drop chain=forward comment="" connection-mark=P2P-Conexao \
    disabled=no p2p=bit-torrent
    add action=drop chain=forward comment="" connection-limit=10,32 \
    connection-mark=P2P-Conexao disabled=no p2p=warez protocol=tcp
    add action=drop chain=forward comment="" connection-mark=P2P-Conexao \
    disabled=no p2p=winmx
    # Disabled logging rule.  Note it sits in the middle of the input chain,
    # not at its end, so enabling it logs more than "everything else".
    add action=log chain=input comment="Log everything else" disabled=yes \
    log-prefix="DROP INPUT"
    # Windows RPC/NetBIOS (135-140) regardless of interface.
    add action=drop chain=forward comment="Main blocks" disabled=no \
    protocol=tcp src-port=135-140
    add action=drop chain=forward comment="" disabled=no protocol=udp src-port=\
    135-140
    add action=drop chain=forward comment="" disabled=no dst-port=135-140 \
    protocol=tcp
    add action=drop chain=forward comment="" disabled=no dst-port=135-140 \
    protocol=udp
    add action=drop chain=input comment="" disabled=no protocol=udp src-port=\
    135-140
    add action=drop chain=input comment="" disabled=no dst-port=135-140 protocol=\
    tcp
    add action=drop chain=input comment="" disabled=no dst-port=135-140 protocol=\
    udp
    # 'virus' chain (reached from the jump above for all forwarded TCP): ports
    # used by worms and back doors, plus SOCKS (1080), MySQL (3306) and MS SQL
    # (1433-1434).  Legitimate use of those services is blocked too.  The
    # post's separate 1025 rule is already covered by 1024-1030 and was dropped.
    add action=drop chain=virus comment="" disabled=no dst-port=1080 protocol=tcp
    add action=drop chain=virus comment="" disabled=no dst-port=1363 protocol=tcp
    add action=drop chain=virus comment="" disabled=no dst-port=1364 protocol=tcp
    add action=drop chain=virus comment="" disabled=no dst-port=1373 protocol=tcp
    add action=drop chain=virus comment="" disabled=no dst-port=1377 protocol=tcp
    add action=drop chain=virus comment="" disabled=no dst-port=1368 protocol=tcp
    add action=drop chain=virus comment="" disabled=no dst-port=3306 protocol=tcp
    add action=drop chain=virus comment="" disabled=no dst-port=1433-1434 \
    protocol=tcp
    add action=drop chain=virus comment="" disabled=no dst-port=1024-1030 \
    protocol=tcp
    # Blacklist: sources that hit the connection-limit on FTP/SSH/Telnet/SMTP
    # are listed for 10 days (1w3d) and dropped from then on.  Both rules sit
    # before the admin accept, so 192.168.10.200 can blacklist itself too.
    add action=drop chain=input comment="Drop sources on the blacklist" \
    disabled=no dst-port=21,22,23,25 protocol=tcp src-address-list=\
    Lista_Negra
    add action=add-src-to-address-list address-list=Lista_Negra \
    address-list-timeout=1w3d chain=input comment="Blacklist rule" \
    connection-limit=1,32 disabled=no dst-port=21,22,23,25 protocol=tcp
    add action=accept chain=input comment="Local admin access" disabled=no \
    src-address=192.168.10.200
    add action=accept chain=output comment="" disabled=no dst-address=\
    192.168.10.200
    add action=accept chain=input comment="" disabled=no protocol=icmp
    add action=accept chain=output comment="" disabled=no protocol=icmp
    # MikroTik neighbor discovery (MNDP, UDP 5678) only from the admin host.
    add action=drop chain=input comment=\
    "Block neighbor-discovery scans from anyone but the admin host" disabled=no \
    dst-port=5678 protocol=udp src-address=!192.168.10.200
    # More than 15 concurrent non-HTTP TCP connections from one LAN /32.
    add action=drop chain=forward comment="Limit connections" connection-limit=\
    15,32 disabled=no dst-port=!80 protocol=tcp src-address=192.168.0.0/16 \
    tcp-flags=syn
    # Port-scan detection: psd=weight-threshold,delay,low-port-weight,
    # high-port-weight, followed by the classic nmap flag combinations.
    # Offenders go to 'pscanners' for two weeks and are dropped further down.
    add action=add-src-to-address-list address-list=pscanners \
    address-list-timeout=2w chain=input comment="PORT SCANNERS TO LIST" \
    disabled=no protocol=tcp psd=21,3s,3,1
    add action=add-src-to-address-list address-list=pscanners \
    address-list-timeout=2w chain=input comment="NMAP FIN STEALTH" disabled=\
    no protocol=tcp tcp-flags=fin,!syn,!rst,!psh,!ack,!urg
    add action=add-src-to-address-list address-list=pscanners \
    address-list-timeout=2w chain=input comment=SYN/FIN disabled=no \
    protocol=tcp tcp-flags=fin,syn
    add action=add-src-to-address-list address-list=pscanners \
    address-list-timeout=2w chain=input comment=FIN/PSH/URG disabled=no \
    protocol=tcp tcp-flags=fin,psh,urg,!syn,!ack
    add action=add-src-to-address-list address-list=pscanners \
    address-list-timeout=2w chain=input comment=ALL/ALL disabled=no protocol=\
    tcp tcp-flags=fin,syn,rst,psh,ack,urg
    add action=add-src-to-address-list address-list=pscanners \
    address-list-timeout=2w chain=input comment=SYN/RST disabled=no protocol=\
    tcp tcp-flags=syn,rst
    add action=add-src-to-address-list address-list=pscanners \
    address-list-timeout=2w chain=input comment="NMAP NULL" disabled=no \
    protocol=tcp tcp-flags=!fin,!syn,!rst,!psh,!ack,!urg
    # The post repeated this input invalid-drop three times; once is enough.
    add action=drop chain=input comment="Drop invalid connections" \
    connection-state=invalid disabled=no
    # 'customer' chain: nothing jumps to it, so these rules never run (the post
    # also listed the chain three times).  To use it, jump to it from forward
    # or input.
    add action=accept chain=customer comment="ALLOW ESTABLISHED CONNECTIONS" \
    connection-state=established disabled=no
    add action=accept chain=customer comment="ALLOW RELATED CONNECTIONS" \
    connection-state=related disabled=no
    add action=log chain=customer comment="LOG DROPPED CONNECTIONS" disabled=no \
    log-prefix=customer_drop
    add action=drop chain=customer comment="DROP AND LOG EVERYTHING ELSE" \
    disabled=no
    # "SYN-FLOOD"/"DOS ATTACK" rules, kept as posted (the post repeated all four
    # a second time).  tcp-flags=fin,syn,rst,ack requires all four flags set at
    # once, which real traffic never has, so the two TCP accepts match nothing.
    # The ICMP echo accepts with limit=1,5 pass one ping per second and let the
    # excess fall through to the rules below, none of which drops it.
    add action=accept chain=forward comment="" disabled=no limit=1,5 protocol=tcp \
    tcp-flags=fin,syn,rst,ack
    add action=accept chain=input comment=SYN-FLOOD disabled=no limit=1,5 \
    protocol=tcp tcp-flags=fin,syn,rst,ack
    add action=accept chain=input comment="DOS ATTACK" disabled=no icmp-options=\
    8:0 limit=1,5 protocol=icmp
    add action=accept chain=forward comment="" disabled=no icmp-options=8:0 \
    limit=1,5 protocol=icmp
    add action=drop chain=input comment="DROPPING PORT SCANNERS" disabled=no \
    src-address-list=pscanners
    add action=accept chain=input comment="Accept related connections" \
    connection-state=related disabled=no
    # Accepts every UDP service on the router from any source; restrict it to
    # the ports you actually serve (e.g. DNS) and to the LAN.
    add action=accept chain=input comment=UDP disabled=no protocol=udp
    add action=accept chain=input comment="Accept pings within limits" disabled=no \
    limit=50/5s,2 protocol=icmp
    # SSH and Winbox are open to any source here; add src-address=192.168.10.200
    # (or an address list) unless management from the Internet is intended.
    add action=accept chain=input comment="SSH for secure shell" disabled=no \
    dst-port=22 protocol=tcp
    add action=accept chain=input comment=winbox disabled=no dst-port=8291 \
    protocol=tcp
    # There is no final drop on input: the chain's default is accept, so any
    # traffic not matched above (new TCP to other ports included) reaches the
    # router.


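A rule dump this long hides mistakes that are easy to spot one at a time but not across 170 lines: the same rule pasted twice, a chain that nothing jumps to, a jump into a chain that has no rules, ICMP matchers on a TCP rule, or limit= on a drop rule. The following is an added example, not code from the post or from MikroTik: a small Python lint that parses the `/ip firewall filter` export format (backslash line continuations, quoted comments) and reports those problems. The function names and the `SAMPLE_EXPORT` excerpt are my own; the excerpt is constructed in the shape of the rules above, and the hotspot chain `pre-hs-input` is treated as entered by RouterOS itself.

```python
"""Lint a RouterOS '/ip firewall filter' export for mistakes that hide in a
long rule dump.  Added example (not code from the forum post): it parses the
export format, then reports exact duplicates, jumps into chains that have no
rules, custom chains nothing jumps to (dead rules), icmp-options on non-ICMP
rules, and limit= on drop rules."""
import re

# Chains RouterOS enters by itself.  'pre-hs-input' is reached from the
# dynamic hotspot rules, so rules in it are not dead even without a jump.
SYSTEM_CHAINS = {"input", "forward", "output", "pre-hs-input"}

# key=value pairs as exported: double-quoted values may contain \xx escapes
_KV_RE = re.compile(r'([\w-]+)=("(?:[^"\\]|\\.)*"|\S+)')

# Constructed sample: a short excerpt in the shape of the rules posted above
SAMPLE_EXPORT = r"""
/ip firewall filter
add action=drop chain=input comment="" disabled=no icmp-options=8:0 limit=1,5 \
    protocol=tcp src-address=!192.168.0.0/16 src-port=3128
add action=drop chain=forward comment="" disabled=no p2p=fasttrack
add action=drop chain=forward comment="" disabled=no p2p=fasttrack
add action=jump chain=forward comment="Ares" disabled=no jump-target=Ares \
    p2p=warez protocol=tcp
add action=drop chain=Ares comment="Block Ares" disabled=no p2p=warez protocol=tcp
add action=jump chain=forward disabled=no jump-target=virus protocol=tcp
add action=drop chain=forward comment="" connection-limit=10,32 disabled=no \
    limit=1,3 p2p=gnutella protocol=tcp
add action=accept chain=customer connection-state=established disabled=no
add action=drop chain=customer comment="DROP EVERYTHING ELSE" disabled=no
"""


def join_continuations(text):
    """Merge export lines that end in a backslash into one logical line."""
    logical, buf = [], ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith("\\"):
            buf += line[:-1]  # continuation: keep accumulating
            continue
        logical.append(buf + line)
        buf = ""
    if buf:
        logical.append(buf)
    return logical


def parse_export(text):
    """Return each 'add ...' rule as a dict of its action/matcher properties."""
    rules = []
    for line in join_continuations(text):
        if not line.startswith("add "):
            continue  # section headers such as '/ip firewall filter'
        rule = {}
        for key, val in _KV_RE.findall(line[4:]):
            rule[key] = val[1:-1] if val.startswith('"') else val
        rules.append(rule)
    return rules


def find_duplicates(rules):
    """Pairs (first, later) of rules identical in everything but their comment."""
    seen, dups = {}, []
    for i, rule in enumerate(rules):
        key = tuple(sorted((k, v) for k, v in rule.items() if k != "comment"))
        if key in seen:
            dups.append((seen[key], i))
        else:
            seen[key] = i
    return dups


def check_chains(rules):
    """Jump targets with no rules, and custom chains nothing jumps to."""
    defined = {r["chain"] for r in rules}
    targets = {r["jump-target"] for r in rules if r.get("action") == "jump"}
    return sorted(targets - defined), sorted(defined - SYSTEM_CHAINS - targets)


def find_icmp_options_on_non_icmp(rules):
    """icmp-options= can only ever match ICMP; on other protocols it is a leftover."""
    return [i for i, r in enumerate(rules)
            if "icmp-options" in r and r.get("protocol") != "icmp"]


def find_rate_limited_drops(rules):
    """limit= on a drop rule drops only the first N packets per second and lets
    the rest fall through to later rules, usually the opposite of the intent."""
    return [i for i, r in enumerate(rules)
            if r.get("action") == "drop" and "limit" in r]


def lint(text):
    """Run every check; rule numbers are zero-based like 'print' in RouterOS."""
    rules = parse_export(text)
    out = [f"rule {j} duplicates rule {i}" for i, j in find_duplicates(rules)]
    undefined, dead = check_chains(rules)
    out += [f"jump to chain '{c}', which has no rules" for c in undefined]
    out += [f"chain '{c}' is never jumped to; its rules never run" for c in dead]
    out += [f"rule {i}: icmp-options on a non-ICMP rule"
            for i in find_icmp_options_on_non_icmp(rules)]
    out += [f"rule {i}: drop with limit= drops only a trickle; the rest passes"
            for i in find_rate_limited_drops(rules)]
    return out


if __name__ == "__main__":
    for finding in lint(SAMPLE_EXPORT):
        print(finding)
```

Feed it the output of `/ip firewall filter export` instead of `SAMPLE_EXPORT` to check a live router. The duplicate check deliberately ignores `comment=`, since two rules that differ only in their label still do the same thing.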

  3. Ports 3127-3128:

    Aren't those used by default by the proxy?? Is there a virus using those ports?

  4. If these rules are dropping, the proxy gets slow, and then come all those posts saying the network is slow when the proxy is turned on.



  5. Quote Originally Posted by EdilsonLSouza
    Ports 3127-3128:

    Aren't those used by default by the proxy?? Is there a virus using those ports?


    Those ports being dropped are for people who use other ports for the proxy, such as 8080; now, if you use those ports for your proxy, just drop them on your Link interface.





